If you attempt to use SSL Forward Proxy features without the license, it will surely fail.
At a minimum, if you remove the TCP ingress VIP and just leave the proxy VIP, you should be able to do outbound HTTP (HTTPS should fail with a 503). If that works, create the ingress TCP VIP with the following minimum properties (leave everything else at default):
- Type: Standard
- Destination Address/Mask: 0.0.0.0/0
- Service Port: 443
- VLAN and Tunnel Traffic: Enabled on the tunnel VLAN
- Source Address Translation: SNAT if you need it for outbound traffic
- Address and port translation: unchecked
In this case you're just creating a tunnel to allow HTTPS traffic to pass, without attempting to decrypt. Again, without the license it will definitely fail if you apply SSL profiles.